Release Notes
PMK 5.12.2 patch is available now
PMK 5.12.0 Release Summary (Released 2025-03-22)
The Platform9 Managed Kubernetes (PMK) version 5.12 release is now generally available with active support for Kubernetes v1.31. This release brings new features, enhancements and critical bug fixes to improve overall user experience and stability.
Kubernetes 1.29 Deprecated
Kubernetes v1.28 and lower versions are marked as End of Life on PMK 5.12
New clusters are to be created on Kubernetes v1.30 or above. All clusters must be upgraded to at least Kubernetes v1.29 before upgrading from PMK 5.11.x to PMK 5.12
Kubernetes 1.29 Deprecated
Kubernetes v1.29 is marked as deprecated.
New clusters should be created on Kubernetes v1.30 or above.
Release Highlights
New Features
AddedAdded active support for Kubernetes 1.31.
AddedAdded support for RHEL 8.10: auto$.
Feature Updates
Added UI performance improvements when loading a large number of Kubernetes objects like namespaces, pods, deployments, services etc. with improved caching strategy in rendering.
Added Updated libraries/ module dependencies to fix CVEs
Added Added ability to modify the verbosity level for kube-api server.
Deprecations, Feature Removal and EOL information
Following Operating Systems are no longer supported with PMK 5.12 and above. Check the PMK 5.12 support here: auto$
RHEL 8.6
RHEL 8.7
Rocky 9.2
Centos 7.9
Platform9 CLI
The pf9ctl release 1.30 is now available (release notes for pf9ctl v1.30) and can be installed by running the following command
Bug Fixes
Fixed Fixed the issue causing MetalLB addon in BGP mode to report unhealthy state due to the bug Community validation webhook denies all updates in upstream MetalLB v0.14.2. Upgraded MetalLB addon to v0.14.9 to solve the issue.
Fixed Fixed an issue causing host onboarding to fail for new hosts on DU having dynamic kubelet configuration DKC.
Fixed Fixed the issues that caused add-on operator to remove the custom cert manager objects on disabling Luigi and custom prometheus objects on disabling the pf9-monitoring add-on.
Fixed Fixed an issue due to which existing default apiserver flags could not be modified (e.g. service-account-issuer).
Platform9 CLI
The pf9ctl release 1.31 is now available (release notes for pf9ctl v1.31) and can be installed by running the following command
Known Issues
Known Issue All existing and new AWS clusters in PMK must be configured with an is_update flag and restricted security group rules. Without this cluster updates(such as AMI updated) and upgrades may fail. Please reach out to Platform9 support for this configuration.
Known Issue During upgrade of a PMK cluster, uninstallation of pf9-kube package may be incomplete/ stuck, if there are any workloads whose associated containers cannot be cleanly stopped and removed. Contact platform9 support if this is observed.
Known Issue On Rocky Linux 9 (tested on 9.2 and 9.4), platform9's pf9-kube package installs iptables-services as a dependency. With recent updates to the upstream repositories, installation will fail due to a missing dependency on iptables-legacy-* packages.
Known Issue (On Rocky Linux 9) Users will need to install the legacy packages by running dnf install iptables or dnf install iptables-utils on workload cluster nodes. Since this is a recent upstream change, a solution will be provided in upcoming releases by packaging the required packages along with pf9-kube package.
Known Issue AWS clusters using flannel CNI need to be updated to use port 2379 instead of 4001 from1.22 version onwards. Workaround is to go to the "Edit cluster" option on the UI and clicked on "Update cluster" without making any changes. This adds the 2379 ingress rule to the master ELB.
Known Issue When a detach operation is performed on a master node in a multi master cluster, it takes approximately 30 minutes to complete all the detach operations and perform cleanup on the node. Therefore, if you want to reattach this node to any other cluster, you need to wait for the nodelet to stop all the phases and perform cleanup before attempting to reattach the node.
Known Issue In some scenarios, after a node is removed from the qbert clusters, nodelet fails to cleanup the data. Workaround is to check and remove the /var/opt/pf9/kube directory if present, even after the node is deauthorized.
Known Issue Cluster upgrade attempt is blocked on UI post a cluster upgrade failure due to nodes being in a converging/not converged state.
Known Issue Kubelet authorization mode is marked set to AlwaysAllow instead of Webhook.
Known Issue PMK Cloud provider created directly in Sunpike cannot be used to create qbert clusters. Qbert cloud providers will work to create both qbert and sunpike clusters. But cloud providers created directly in sunpike CANNOT be used to create qbert clusters. Please use the appropriate one based on your needs.
Known Issue In PMK versions 5.12.0 and 5.12.1, vouch does not create new tokens and roles during redeployment if existing vouch data is present in Consul. The system incorrectly skips token and role creation, leading to deployment and node onboarding failures.
Known Issue: AWS cluster creation fails with worker nodes stuck at the nodelet phase Apply and validate node taints (fixed in PMK 5.12.1)
Package Updates
PMK 5.12 Latest Kubernetes Components List
KUBERNETES BUILD VERSION
1.31.5-pmk.81
1.30.4-pmk.139
1.29.2-pmk.245
CONTAINERD
1.7.13
1.7.13
1.7.13
RUNC
1.1.12
1.1.12
1.1.12
CORE-DNS
1.11.1
1.11.1
1.11.1
METRICS SERVER
0.6.4
0.6.4
0.6.4
METAL LB
0.14.9
0.14.9
0.14.9
KUBERNETES DASHBOARD
2.7.0
2.7.0
2.7.0
CLUSTER AUTO-SCALER AWS
1.28.0
1.28.0
1.28.0
FLANNEL
0.24.2
0.24.2
0.24.2
CALICO
3.27.2
3.27.2
3.27.2
ETCD
3.5.12
3.5.12
3.5.12
CNI PLUGINS
1.4.0
1.4.0
1.4.0
KUBEVIRT
1.0.0
1.0.0
1.0.0
KUBEVIRT CDI
1.57.0
1.57.0
1.57.0
ADVANCED NETWORKING OPERATOR (LUIGI)
0.5.8
0.5.8
0.5.8
MONITORING - PROMETHEUS OPERATOR
0.68.1
0.68.1
0.68.1
PROFILE AGENT
2.0.2
2.0.2
2.0.2
METAL3
1.1.1
1.1.1
1.1.1
PMK 5.12.1 Patch (Released 2025-05-01)
Added Added support for Ubuntu 24.04 LTS (Refer Managed Kubernetes Support Matrix)
Added Updated libraries/ module dependencies to fix CVEs
Bug Fixes
Fixed Fix for CVE in nginx-ingress-controller PMK-6652: CVE-2025-1974: ingress-nginx admission controller RCE, CVS Score 9.8
Fixed Fixed: AWS cluster creation failed (in PMK 5.12.0) with worker nodes stuck at the nodelet phase Apply and validate node taints
Fixed Fixed a regression that affected Grafana monitoring managed addon (installed from Platform9 UI managed the addon operator) due to the earlier fix for CVE-2025-1974: ingress-nginx admission controller applied to the management plane. Grafana UI now loads properly and is not redirected to another page.
Platform9 CLI
The pf9ctl release 1.32 is now available with support for Ubuntu 24 and can be installed by running the following command.
Known Issues
Same as PMK 5.12.0 (see above known issues in PMK 5.12.0)
PMK 5.12.1 Latest Kubernetes Components List
KUBERNETES BUILD VERSION
1.31.5-pmk.96
1.30.4-pmk.157
1.29.2-pmk.266
CONTAINERD
1.7.13
1.7.13
1.7.13
RUNC
1.1.12
1.1.12
1.1.12
CORE-DNS
1.11.1
1.11.1
1.11.1
METRICS SERVER
0.6.4
0.6.4
0.6.4
METAL LB
0.14.9
0.14.9
0.14.9
KUBERNETES DASHBOARD
2.7.0
2.7.0
2.7.0
CLUSTER AUTO-SCALER AWS
1.28.0
1.28.0
1.28.0
FLANNEL
0.24.2
0.24.2
0.24.2
CALICO
3.27.2
3.27.2
3.27.2
ETCD
3.5.12
3.5.12
3.5.12
CNI PLUGINS
1.4.0
1.4.0
1.4.0
KUBEVIRT
1.0.0
1.0.0
1.0.0
KUBEVIRT CDI
1.57.0
1.57.0
1.57.0
ADVANCED NETWORKING OPERATOR (LUIGI)
0.5.8
0.5.8
0.5.8
MONITORING - PROMETHEUS OPERATOR
0.68.1
0.68.1
0.68.1
PROFILE AGENT
2.0.2
2.0.2
2.0.2
METAL3
1.1.1
1.1.1
1.1.1
PMK 5.12.2 Patch (Released 2025-07-28)
Bug Fixes
Fixed In PMK versions 5.12.0 and 5.12.1, vouch failed to create new tokens and roles during redeployment when existing vouch data was present in Consul. The system incorrectly skipped creating new entries if previous entries existed, which caused deployment and node onboarding failures.
Last updated
Was this helpful?